CVE-2003-1418
Apache HTTP Server 1.3.22-1.3.27 - Sensitive Information Exposure via ETag Header or MIME Boundary
Title source: llmDescription
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata32.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6939
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6943
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11438
Scores
EPSS
0.0658
EPSS Percentile
93.0%
Details
CWE
CWE-200
Status
published
Products (6)
apache/http_server
1.3.22
apache/http_server
1.3.23
apache/http_server
1.3.24
apache/http_server
1.3.25
apache/http_server
1.3.26
apache/http_server
1.3.27
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026